[theme-reviewers] need your opinion

Chip Bennett chip at chipbennett.net
Thu Aug 16 15:17:30 UTC 2012


The Theme has to be fully functional out-of-the-box (i.e. it can't be
"crippleware"). The Theme cannot put core WordPress functionality behind a
paywall.

A Theme can put *additional* options behind a paywall. For example, a Theme
can't put all dynamic sidebars behind the paywall, but a Theme can have one
or more dynamic sidebars in the free version, and then add *additional*
dynamic sidebars in the commercial version.

I don't have a per se problem with all Theme options being available only
in the commercial version, provided that the Theme, sans options, is fully
functional, and that none of the options locked behind the paywall are core
WordPress functionality (Widgets, Custom Header, Custom Background, etc.)
But by the same token, Themes should not be inappropriately aggressive
about pushing the commercial version. (For example, if a Theme has no
functional Theme Options, there is no reason to direct the user to the
non-functional Theme Options page upon activation.

Chip

On Thu, Aug 16, 2012 at 9:56 AM, Kirk Wight <kwight at kwight.ca> wrote:

> So including options that are not functional until activation is not
> allowed, but having a basic theme that points to a more functional version
> for sale is allowed? Just want to make sure I understand what the guy did
> wrong (I thought it was fine because he was clear about what worked and
> what didn't).
>
>
> On 16 August 2012 10:28, Chandra Maharzan <maharzan at gmail.com> wrote:
>
>> Thanks Otto for explaining. Now, I get it. I have been looking into
>> Mark Jaquith's video too. :)
>>
>> And thanks for taking action on the themes. I don't even want to
>> mention what I have been through with this guy.
>>
>> On Thu, Aug 16, 2012 at 8:09 PM, Otto <otto at ottodestruct.com> wrote:
>> > No, he does escape, just not using esc_html.
>> >
>> > Use the right function for the right case. If it's inside a <textarea>
>> > then you must use esc_textarea. If it's in an HTML tag as an
>> > attribute, then you must use esc_attr. If it's a URL of any sort to be
>> > printed out, then you must use esc_url.
>> >
>> > All these are valid, but they handle different cases. The problem
>> > isn't to "use esc_html", it's to use the proper sanitization function
>> > for the way that the output is being used.
>> >
>> > Oh, and his crippleware technique is definitely not allowed.
>> >
>> > I've suspended these themes for the same basic behaviors:
>> > http://wordpress.org/extend/themes/adventure
>> > http://wordpress.org/extend/themes/adventure-bound-basic
>> >
>> > -Otto
>> >
>> >
>> > On Thu, Aug 16, 2012 at 9:19 AM, Chandra Maharzan <maharzan at gmail.com>
>> wrote:
>> >> Thanks for chiming in Otto. It doesn't escape HTML (which aren't
>> >> needed in his case). Doesn't that allow injecting ? And he is using
>> >> textarea for which textbox could have been used such as URL, or
>> >> activation code.
>> >>
>> >> On Thu, Aug 16, 2012 at 8:01 PM, Otto <otto at ottodestruct.com> wrote:
>> >>> On Thu, Aug 16, 2012 at 1:27 AM, Chandra Maharzan <maharzan at gmail.com>
>> wrote:
>> >>>> He has Theme options but it doesn't work unless people activate (pay)
>> >>>> the author. And then he is arguing about sanitation of data fields,
>> >>>> which Theme Review clearly says to do them (esc_html, esc_attr,etc).
>> >>>> Someone please enlighten me here.
>> >>>
>> >>> He's right about the escaping, for the most part. Text areas should
>> >>> use esc_textarea for sanitization, not esc_html. Similarly, a URL
>> >>> should use esc_url. Use the correct escape function for the correct
>> >>> purpose.
>> >>>
>> >>>
>> >>> -Otto
>> >>> _______________________________________________
>> >>> theme-reviewers mailing list
>> >>> theme-reviewers at lists.wordpress.org
>> >>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>> >>
>> >>
>> >>
>> >> --
>> >> cmans
>> >> _______________________________________________
>> >> theme-reviewers mailing list
>> >> theme-reviewers at lists.wordpress.org
>> >> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>> > _______________________________________________
>> > theme-reviewers mailing list
>> > theme-reviewers at lists.wordpress.org
>> > http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>>
>> --
>> cmans
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20120816/6c8ef711/attachment.htm>


More information about the theme-reviewers mailing list